Hello,
I have set up Kiwi to act as a buffer between my devices and NPM and have configured multiple filters with an action to Display to Display 09 (so I can see what is being forwarded) and Forward to NPM.
One of my filters looks like this and tests without problem -
Example syslog message -
Apr 4 08:56:58.032 BST: %SYS-5-CONFIG_I: Configured from console by Peter on vty0 (10.10.10.10)
RegEx filter -
".*SYS-5-CONFIG_I: Configured from console by .* on.*"
If I create another rule filtering by source IP I can see the message being sent correctly.
Edit: Just as I was typing this I wondered if it was an AND rather than an OR for the filters and on disabling all the other filters except the above one it worked.
Teaches me to RTFM -
"For each rule, the message is matched against the specified filters. Starting from the top most filter and working down. If any of the filter conditions fail, the program stops processing that rule and moves on to the next rule. If all the filter conditions are met, that is they all return TRUE, then the program will perform the specified action or actions for that rule, in order starting at the top most action and working down."
Hope this helps someone.
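
An added example, not part of the original post and not Kiwi's own code: a small Python model of the rule processing quoted above, showing why the config-change message is dropped while several filters sit in one rule and is forwarded once each filter has its own rule. The second regex (LINK-3-UPDOWN), the rule layouts and the function names are assumptions made for illustration.

```python
import re

# First regex is the one from the post; the second is a hypothetical extra filter.
CONFIG_RE = r".*SYS-5-CONFIG_I: Configured from console by .* on.*"
LINK_RE = r".*LINK-3-UPDOWN.*"

ACTIONS = ["Display 09", "Forward to NPM"]


def regex_filter(pattern):
    """Build a filter that returns True when the message text matches."""
    compiled = re.compile(pattern)
    return lambda msg: compiled.search(msg["text"]) is not None


def evaluate(rules, msg):
    """Return the actions fired for msg, following the quoted manual text:
    filters in a rule are tried top-down, the first failure abandons that
    rule, and processing then continues with the next rule."""
    fired = []
    for rule in rules:
        for flt in rule["filters"]:
            if not flt(msg):
                break  # one failed filter stops this rule only
        else:
            fired.extend(rule["actions"])  # every filter returned TRUE
    return fired


# Layout that drops the message: both filters stacked in ONE rule (AND).
stacked = [{"filters": [regex_filter(CONFIG_RE), regex_filter(LINK_RE)],
            "actions": ACTIONS}]

# Layout that behaves as OR: one filter per rule, same actions on each rule.
split = [{"filters": [regex_filter(CONFIG_RE)], "actions": ACTIONS},
         {"filters": [regex_filter(LINK_RE)], "actions": ACTIONS}]

# Syslog message from the post.
config_msg = {"text": "Apr 4 08:56:58.032 BST: %SYS-5-CONFIG_I: Configured "
                      "from console by Peter on vty0 (10.10.10.10)"}

if __name__ == "__main__":
    print("stacked:", evaluate(stacked, config_msg))
    print("split:  ", evaluate(split, config_msg))
```

In this model a message that satisfies more than one rule fires each matching rule's actions, so overlapping rules that share a forward action would send the message more than once.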